WebKit Bugzilla
RESOLVED FIXED
141638
ASSERTION FAILED: result in WebCore::CSSParser::parseURI
https://bugs.webkit.org/show_bug.cgi?id=141638
Renata Hodovan
Reported 2015-02-16 04:39:31 PST

Created attachment 246645
Test case

Load this with debug WK:

<svg>
<clipPath cursor="url(session://a.b@5:0\fff?foo=bar)"></clipPath>
</svg>

Backtrace:

ASSERTION FAILED: result
../../Source/WebCore/css/CSSParser.cpp(10739) : void WebCore::CSSParser::parseURI(WebCore::CSSParserString&) [with CharacterType = unsigned char]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fff8affd700 (LWP 29588)]
0x00007fffed73b5ef in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:321
321 *(int *)(uintptr_t)0xbbadbeef = 0;
#0 0x00007fffed73b5ef in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:321
#1 0x00007ffff2da04e4 in WebCore::CSSParser::parseURI<unsigned char> (this=0x7fffffffaea0, string=...) at ../../Source/WebCore/css/CSSParser.cpp:10739
#2 0x00007ffff2d95b4a in WebCore::CSSParser::realLex<unsigned char> (this=0x7fffffffaea0, yylvalWithoutType=0x7fffffff8b50) at ../../Source/WebCore/css/CSSParser.cpp:11375
#3 0x00007ffff3e3895c in WebCore::CSSParser::lex (this=0x7fffffffaea0, yylval=0x7fffffff8b50) at ../../Source/WebCore/css/CSSParser.h:429
#4 0x00007ffff3e38981 in WebCore::cssyylex (yylval=0x7fffffff8b50, parser=0x7fffffffaea0) at ../../Source/WebCore/css/CSSParser.h:725
#5 0x00007ffff3e31363 in cssyyparse (parser=0x7fffffffaea0) at DerivedSources/WebCore/CSSGrammar.cpp:2538
#6 0x00007ffff2d57925 in WebCore::CSSParser::parseValue (this=0x7fffffffaea0, declaration=0x7ffff7f25bc8, propertyID=WebCore::CSSPropertyCursor, string=..., important=false, contextStyleSheet=0x7ffff7f1b680) at ../../Source/WebCore/css/CSSParser.cpp:1319
#7 0x00007ffff2d5781a in WebCore::CSSParser::parseValue (declaration=0x7ffff7f25bc8, propertyID=WebCore::CSSPropertyCursor, string=..., important=false, cssParserMode=WebCore::SVGAttributeMode, contextStyleSheet=0x7ffff7f1b680) at ../../Source/WebCore/css/CSSParser.cpp:1307
#8 0x00007ffff2e206d7 in WebCore::MutableStyleProperties::setProperty (this=0x7ffff7f25bc8, propertyID=WebCore::CSSPropertyCursor, value=..., important=false, contextStyleSheet=0x7ffff7f1b680) at ../../Source/WebCore/css/StyleProperties.cpp:684
#9 0x00007ffff2fc9d3f in WebCore::StyledElement::addPropertyToPresentationAttributeStyle (this=0x7ffff7f35b00, style=..., propertyID=WebCore::CSSPropertyCursor, value=...) at ../../Source/WebCore/dom/StyledElement.cpp:371
#10 0x00007ffff3b25c06 in WebCore::SVGElement::collectStyleForPresentationAttribute (this=0x7ffff7f35b00, name=..., value=..., style=...) at ../../Source/WebCore/svg/SVGElement.cpp:1040
#11 0x00007ffff2fc9807 in WebCore::StyledElement::rebuildPresentationAttributeStyle (this=0x7ffff7f35b00) at ../../Source/WebCore/dom/StyledElement.cpp:334
#12 0x00007ffff2de4b95 in WebCore::StyledElement::presentationAttributeStyle (this=0x7ffff7f35b00) at ../../Source/WebCore/dom/StyledElement.h:105
#13 0x00007ffff2de3fc8 in WebCore::ElementRuleCollector::matchAllRules (this=0x7fffffffc3e0, matchAuthorAndUserStyles=true, includeSMILProperties=true) at ../../Source/WebCore/css/ElementRuleCollector.cpp:416
#14 0x00007ffff2e28e1b in WebCore::StyleResolver::styleForElement (this=0x7ffff7f1d800, element=0x7ffff7f35b00, defaultParent=0x7ffff7ec9ae0, sharingBehavior=WebCore::AllowStyleSharing, matchingBehavior=WebCore::MatchAllRules, regionForStyling=0x0) at ../../Source/WebCore/css/StyleResolver.cpp:796
#15 0x00007ffff3b24a64 in WebCore::SVGElement::customStyleForRenderer (this=0x7ffff7f35b00, parentStyle=...) at ../../Source/WebCore/svg/SVGElement.cpp:801
#16 0x00007ffff3ac0f29 in WebCore::Style::styleForElement (element=..., inheritedStyle=...) at ../../Source/WebCore/style/StyleResolveTree.cpp:259
#17 0x00007ffff3ac1157 in WebCore::Style::createRendererIfNeeded (element=..., inheritedStyle=..., renderTreePosition=..., resolvedStyle=...) at ../../Source/WebCore/style/StyleResolveTree.cpp:288
#18 0x00007ffff3ac2713 in WebCore::Style::attachRenderTree (current=..., inheritedStyle=..., renderTreePosition=..., resolvedStyle=...) at ../../Source/WebCore/style/StyleResolveTree.cpp:615
#19 0x00007ffff3ac1e24 in WebCore::Style::attachChildren (current=..., inheritedStyle=..., renderTreePosition=...) at ../../Source/WebCore/style/StyleResolveTree.cpp:484
#20 0x00007ffff3ac27ea in WebCore::Style::attachRenderTree (current=..., inheritedStyle=..., renderTreePosition=..., resolvedStyle=...) at ../../Source/WebCore/style/StyleResolveTree.cpp:629
#21 0x00007ffff3ac1e24 in WebCore::Style::attachChildren (current=..., inheritedStyle=..., renderTreePosition=...) at ../../Source/WebCore/style/StyleResolveTree.cpp:484
#22 0x00007ffff3ac27ea in WebCore::Style::attachRenderTree (current=..., inheritedStyle=..., renderTreePosition=..., resolvedStyle=...) at ../../Source/WebCore/style/StyleResolveTree.cpp:629
#23 0x00007ffff3ac1e24 in WebCore::Style::attachChildren (current=..., inheritedStyle=..., renderTreePosition=...) at ../../Source/WebCore/style/StyleResolveTree.cpp:484
#24 0x00007ffff3ac27ea in WebCore::Style::attachRenderTree (current=..., inheritedStyle=..., renderTreePosition=..., resolvedStyle=...) at ../../Source/WebCore/style/StyleResolveTree.cpp:629
#25 0x00007ffff3ac3006 in WebCore::Style::resolveLocal (current=..., inheritedStyle=..., renderTreePosition=..., inheritedChange=WebCore::Style::NoChange) at ../../Source/WebCore/style/StyleResolveTree.cpp:756
#26 0x00007ffff3ac379d in WebCore::Style::resolveTree (current=..., inheritedStyle=..., renderTreePosition=..., change=WebCore::Style::NoChange) at ../../Source/WebCore/style/StyleResolveTree.cpp:918
#27 0x00007ffff3ac3c82 in WebCore::Style::resolveTree (document=..., change=WebCore::Style::NoChange) at ../../Source/WebCore/style/StyleResolveTree.cpp:994
#28 0x00007ffff2ec680a in WebCore::Document::recalcStyle (this=0x7ffff7e8c000, change=WebCore::Style::NoChange) at ../../Source/WebCore/dom/Document.cpp:1764
#29 0x00007ffff2ec6b01 in WebCore::Document::updateStyleIfNeeded (this=0x7ffff7e8c000) at ../../Source/WebCore/dom/Document.cpp:1812
#30 0x00007ffff2ed1e3e in WebCore::Document::finishedParsing (this=0x7ffff7e8c000) at ../../Source/WebCore/dom/Document.cpp:4627
#31 0x00007ffff3243961 in WebCore::HTMLConstructionSite::finishedParsing (this=0x7ffff7f33800) at ../../Source/WebCore/html/parser/HTMLConstructionSite.cpp:404
#32 0x00007ffff328047a in WebCore::HTMLTreeBuilder::finished (this=0x7ffff7f337e0) at ../../Source/WebCore/html/parser/HTMLTreeBuilder.cpp:2940
#33 0x00007ffff324c2fc in WebCore::HTMLDocumentParser::end (this=0x7ffff7ece100) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:402
#34 0x00007ffff324c3ca in WebCore::HTMLDocumentParser::attemptToRunDeferredScriptsAndEnd (this=0x7ffff7ece100) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:411
#35 0x00007ffff324b07a in WebCore::HTMLDocumentParser::prepareToStopParsing (this=0x7ffff7ece100) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:132
#36 0x00007ffff324c401 in WebCore::HTMLDocumentParser::attemptToEnd (this=0x7ffff7ece100) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:423
#37 0x00007ffff324c4af in WebCore::HTMLDocumentParser::finish (this=0x7ffff7ece100) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:451
#38 0x00007ffff33bbb29 in WebCore::DocumentWriter::end (this=0x7ffff7eb9aa0) at ../../Source/WebCore/loader/DocumentWriter.cpp:247
#39 0x00007ffff33a70f9 in WebCore::DocumentLoader::finishedLoading (this=0x7ffff7eb9a00, finishTime=0) at ../../Source/WebCore/loader/DocumentLoader.cpp:440
#40 0x00007ffff33a6e62 in WebCore::DocumentLoader::notifyFinished (this=0x7ffff7eb9a00, resource=0x7ffff7ec6680) at ../../Source/WebCore/loader/DocumentLoader.cpp:374
#41 0x00007ffff345b7e8 in WebCore::CachedResource::checkNotify (this=0x7ffff7ec6680) at ../../Source/WebCore/loader/cache/CachedResource.cpp:293
#42 0x00007ffff345b8e6 in WebCore::CachedResource::finishLoading (this=0x7ffff7ec6680) at ../../Source/WebCore/loader/cache/CachedResource.cpp:309
#43 0x00007ffff3457f1f in WebCore::CachedRawResource::finishLoading (this=0x7ffff7ec6680, data=0x7ffff7e84570) at ../../Source/WebCore/loader/cache/CachedRawResource.cpp:104
#44 0x00007ffff340a3f1 in WebCore::SubresourceLoader::didFinishLoading (this=0x7ffff7ec6200, finishTime=0) at ../../Source/WebCore/loader/SubresourceLoader.cpp:364
#45 0x00007ffff3405d2b in WebCore::ResourceLoader::didFinishLoading (this=0x7ffff7ec6200, finishTime=0) at ../../Source/WebCore/loader/ResourceLoader.cpp:542
#46 0x00007ffff3db92b5 in WebCore::readCallback (asyncResult=0x7701f0, data=0x7ffff7e7bb40) at ../../Source/WebCore/platform/network/soup/ResourceHandleSoup.cpp:1295
#47 0x00007fffeb2777e6 in async_ready_callback_wrapper (source_object=0x7c72d0, res=0x7701f0, user_data=user_data@entry=0x7ffff7e7bb40) at ginputstream.c:523
#48 0x00007fffeb29d0e5 in g_task_return_now (task=0x7701f0) at gtask.c:1077
#49 0x00007fffeb29d109 in complete_in_idle_cb (task=0x7701f0) at gtask.c:1086
#50 0x00007fffea555a1d in g_main_dispatch (context=0x478b00) at gmain.c:3064
#51 g_main_context_dispatch (context=context@entry=0x478b00) at gmain.c:3663
#52 0x00007fffea555d88 in g_main_context_iterate (context=0x478b00, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3734
#53 0x00007fffea55604a in g_main_loop_run (loop=0x901d10) at gmain.c:3928
#54 0x00007ffff44b31e6 in WTF::RunLoop::run () at ../../Source/WTF/wtf/gtk/RunLoopGtk.cpp:59
#55 0x00007ffff29a1cfc in WebKit::ChildProcessMain<WebKit::WebProcess, WebKit::WebProcessMain> (argc=2, argv=0x7fffffffd948) at ../../Source/WebKit2/Shared/unix/ChildProcessMain.h:61
#56 0x00007ffff29a1b61 in WebKit::WebProcessMainUnix (argc=2, argv=0x7fffffffd948) at ../../Source/WebKit2/WebProcess/gtk/WebProcessMainGtk.cpp:77
#57 0x00000000004008d1 in main (argc=2, argv=0x7fffffffd948) at ../../Source/WebKit2/WebProcess/EntryPoint/unix/WebProcessMain.cpp:44

Attachments
Test case (82 bytes, text/html), 2015-02-16 04:39 PST, Renata Hodovan, no flags
Patch (5.02 KB, patch), 2016-09-30 14:44 PDT, Andy Estes, no flags
Patch (5.09 KB, patch), 2016-09-30 14:46 PDT, Andy Estes, no flags

Brent Fulgham, Comment 1, 2016-08-04 16:38:05 PDT
Reproduces in r204037.

Radar WebKit Bug Importer, Comment 2, 2016-08-04 16:39:28 PDT
<rdar://problem/27709952>

Andy Estes, Comment 3, 2016-09-29 18:11:50 PDT
*** Bug 162763 has been marked as a duplicate of this bug. ***

Andy Estes, Comment 4, 2016-09-30 14:44:37 PDT
Created attachment 290386
Patch

Andy Estes, Comment 5, 2016-09-30 14:46:13 PDT
Created attachment 290387
Patch

Andy Estes, Comment 6, 2016-09-30 14:51:08 PDT
The attached test case actually uncovered two separate issues:

1. CSS URLs with multi-byte Unicode escape sequences fail to parse.
2. Invalid CSS URLs with non-ASCII characters trigger assertions when used with the CSS cursor property.

I'll use this bug to fix #1, and bug 162763 to fix #2.
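
The first issue in Comment 6 can be seen by decoding the escape in the attached test case: `\fff` is a CSS hex escape for U+0FFF, which does not fit in an 8-bit character, and the backtrace shows `parseURI` instantiated with `CharacterType = unsigned char`. The sketch below is an added example, not WebKit code and not part of any comment; `DecodedUrl` and `decodeCssUrlBody` are hypothetical names, and it covers escape decoding only, following the CSS Syntax escape rules.

```cpp
#include <cctype>
#include <cstdio>
#include <string>

// Hypothetical names throughout; this is not WebKit's CSSParser.
struct DecodedUrl {
    bool valid;          // false for a backslash at end of input or before a newline
    bool fitsIn8Bit;     // true when every code point is <= 0xFF (Latin-1 range)
    std::u32string text; // decoded code points
};

static bool isHex(char c) { return std::isxdigit(static_cast<unsigned char>(c)) != 0; }
static bool isCssSpace(char c) { return c == ' ' || c == '\t' || c == '\n' || c == '\r' || c == '\f'; }
static unsigned hexValue(char c) { return std::isdigit(static_cast<unsigned char>(c)) ? c - '0' : (c | 0x20) - 'a' + 10; }

// Decodes the body of an unquoted url(...) token supplied as 8-bit characters.
DecodedUrl decodeCssUrlBody(const std::string& in)
{
    DecodedUrl out{true, true, {}};
    for (size_t i = 0; i < in.size(); ++i) {
        char32_t cp = static_cast<unsigned char>(in[i]);
        if (in[i] == '\\') {
            if (++i == in.size() || in[i] == '\n')
                return DecodedUrl{false, true, {}};
            cp = static_cast<unsigned char>(in[i]); // non-hex escape: literal character
            if (isHex(in[i])) {
                cp = 0;
                for (int digits = 0; i < in.size() && digits < 6 && isHex(in[i]); ++i, ++digits)
                    cp = cp * 16 + hexValue(in[i]);
                // A single whitespace character after the digits belongs to the escape.
                if (i < in.size() && isCssSpace(in[i]))
                    ++i;
                --i; // the loop increment then moves to the next unread character
                if (cp == 0 || cp > 0x10FFFF || (cp >= 0xD800 && cp <= 0xDFFF))
                    cp = 0xFFFD; // replacement for NUL, surrogates and out-of-range values
            }
        }
        if (cp > 0xFF)
            out.fitsIn8Bit = false; // an 8-bit buffer cannot hold this code point
        out.text.push_back(cp);
    }
    return out;
}

int main()
{
    DecodedUrl r = decodeCssUrlBody("session://a.b@5:0\\fff?foo=bar"); // url() body from the test case
    std::printf("valid=%d fitsIn8Bit=%d length=%zu cp[17]=U+%04X\n", r.valid, r.fitsIn8Bit, r.text.size(), static_cast<unsigned>(r.text[17]));
}
```

A parser that keeps 8-bit and 16-bit string paths needs a check like `fitsIn8Bit` before writing the decoded result back into 8-bit storage.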

Andreas Kling, Comment 7, 2016-10-03 10:26:03 PDT
Comment on attachment 290387
Patch

r=me

WebKit Commit Bot, Comment 8, 2016-10-03 10:46:56 PDT
Comment on attachment 290387
Patch

Clearing flags on attachment: 290387

Committed r206736: <http://trac.webkit.org/changeset/206736>

WebKit Commit Bot, Comment 9, 2016-10-03 10:47:03 PDT
All reviewed patches have been landed. Closing bug.